“The extra attack surface from Ajax is not from anything in the architecture but because you’re adding functionality,” Sullivan said. As your mouse glides smoothly over a Google Map, the application behind it is hard at work, constantly sending messages back and forth from the server to the client.

“Ajax is really cool. You just have to pay an extra price for the extra functionality,” Sullivan said. That “extra price” includes following basic application security best practices and cultivating communication among development, QA and testing teams. Many of those security practices should already be familiar.

Ridiculous!
Ajax is as secure as anything else involving communication and computers on this planet. I find it really bothersome how much energy the existing power shakers are putting into “proving” that Ajax is not secure…

Take us, for instance (Gaia Ajax Widgets):
With our model we’re exactly as secure as ASP.NET and/or Mono is, since we build our entire platform on top of theirs, meaning that if there’s a breach in Mono there’s a breach in Gaia, but unless there is a breach in Mono (or .NET) there’s NO breach in Gaia…!

To say things like “Ajax is insecure” etc. is basically like saying “Europeans are stupid” or “Americans are arrogant” or something…
Only with humans there are actually LAWS against it…!

I find it, however, extremely interesting that these kinds of claims come directly a few days after the release of Silverlight… ;)